Skip to content

Commit

Permalink
Make it easier to locate expired certificate
Browse files Browse the repository at this point in the history
  • Loading branch information
@pzygielo
pzygielo committed Oct 15, 2022
1 parent a54dd09 commit da88a81
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion docs/error-messages-reference/src/main/asciidoc/error-messages.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9990,7 +9990,7 @@ Please provide a valid specification version for this optional package
+
Action: Resolve the situation described in the message, if necessary.

[[sthref1941]]NCLS-SECURITY-05054 The SSL certificate has expired: \{0} ::
[[sthref1941]]NCLS-SECURITY-05054 The SSL certificate with alias \{0} has expired: \{1} ::
Cause: Certificate expired.
+
Action: Check the expiration date of the certificate.
Expand Down
7 changes: 4 additions & 3 deletions ...rity/ssl-impl/src/main/java/com/sun/enterprise/security/ssl/impl/SecuritySupportImpl.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ public class SecuritySupportImpl extends SecuritySupport {

protected static final Logger _logger = Logger.getLogger(SEC_SSL_LOGGER, SHARED_LOGMESSAGE_RESOURCE);

@LogMessageInfo(message = "The SSL certificate has expired: {0}", level = "SEVERE", cause = "Certificate expired.", action = "Check the expiration date of the certicate.")
@LogMessageInfo(message = "The SSL certificate with alias {0} has expired: {1}", level = "SEVERE", cause = "Certificate expired.", action = "Check the expiration date of the certicate.")
private static final String SSL_CERT_EXPIRED = "NCLS-SECURITY-05054";

private static boolean initialized = false;
Expand Down Expand Up @@ -318,10 +318,11 @@ private void checkCertificateDates(KeyStore store) throws KeyStoreException {

Enumeration<String> aliases = store.aliases();
while (aliases.hasMoreElements()) {
Certificate cert = store.getCertificate(aliases.nextElement());
var alias = aliases.nextElement();
Certificate cert = store.getCertificate(alias);
if (cert instanceof X509Certificate) {
if (((X509Certificate) cert).getNotAfter().before(initDate)) {
_logger.log(Level.SEVERE, SSL_CERT_EXPIRED, cert);
_logger.log(Level.SEVERE, SSL_CERT_EXPIRED, new Object[] { alias, cert });
}
}
}
Expand Down

0 comments on commit da88a81

Please sign in to comment.